U radu programskog paketa HP OpenView Storage Data Protector uočena su dva nova sigurnosna nedostatka koja zlonamjernim korisnicima omogućuju pokretanje proizvoljnog programskog koda.

HP OpenView Storage Data Protector Unspecified Code Execution Vulnerabilities
Secunia Advisory 	SA45100 	

Release Date 	2011-06-29
  	
Criticality level 	Moderately criticalModerately critical
Impact 	System access
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Workaround
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Software:	
	HP OpenView Storage Data Protector 6.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2011-1865 CVSS available in Customer Area
CVE-2011-1866 CVSS available in Customer Area
	   	

Description

Two vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions 6.0, 6.10, 6.11, and 6.20 running on Windows.

Solution
As a workaround the vendor recommends to update to version A.06.20 or later and enable encrypted control communication services (please see the vendor's advisory for details).

Provided and/or discovered by
The vendor credits Nahuel C. Riva and Oren Isacson, Core Security Technologies.

Original Advisory
HPSBMU02686 SSRT100541:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02872182